A computer network is a collection of interconnected devices that exchange data and share resources. Certain devices within a network, referred to as routers, maintain routing information that describes available routes through the network. Each route defines a path between two locations on the network. Upon receiving an incoming data packet, the router examines header information within the packet to identify the destination for the packet. Based on the header information, the router accesses the routing information, selects an appropriate route for the packet and forwards the packet accordingly.
Conventional routers typically provide a mechanism, referred to herein as a management interface, by which authorized clients, such as human system administrators or automated scripts, directly or remotely access and configure “resources” within the router and obtain operational information for those resources. For example, using a management interface, the clients are able to make changes to the present configuration of a router, manage the router's policies and relationships with other routers, configure interface cards of the router, adjust parameters for the supported network protocols, specify the physical components within the routing device, modify the routing information maintained by the router, access software modules executing on the router, and the like. In addition, the management interface provides access to a variety of information relating to the internal resources of the router, including router chassis inventory, system parameters, routing policies, forwarding options, network flow statistics, error logs, user information, and performance metrics.
Most routers provide a form of “coarse-grain” access control in which the internal resources are logically aggregated into groups, often in the form of a configuration hierarchy, and user access is controlled on a per-group basis. For example, one typical implementation is to assign each user an authorization level. When a user attempts to access a resource within the router, the management interface determines whether the user has a sufficient authorization level to access the resource. If the user's authorization level is sufficient, the user is permitted to access, view, or otherwise configure the resource. If not, the management interface denies access.
Another typical implementation is to associate each user with a set of permission bits. Each permission bit is mapped to one of the groups of resources. By setting the permission bits associated with a particular user, the user can be selectively given access to the respective resource groups of the router.
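The two coarse-grain schemes just described, a per-user authorization level and a per-user set of permission bits, can be modelled over a small configuration hierarchy. The following is an added example written for this page, not code from any router vendor; the resource paths, group names, minimum levels and user assignments are all constructed for illustration. The last function makes the granularity limit visible: because a permission bit maps to a whole group, granting access to one interface necessarily grants access to every resource in that group.

```python
from __future__ import annotations
from enum import IntFlag

# Constructed resource groups for a hypothetical router configuration hierarchy.
# Each bit corresponds to one group of resources, as in the permission-bit scheme.
class ResourceGroup(IntFlag):
    CHASSIS = 1 << 0      # chassis inventory, physical components
    INTERFACES = 1 << 1   # interface cards
    ROUTING = 1 << 2      # routing information and policies
    PROTOCOLS = 1 << 3    # parameters of supported protocols
    LOGS = 1 << 4         # error logs and flow statistics
    USERS = 1 << 5        # user information

# Hypothetical configuration hierarchy: resource path -> group it belongs to.
RESOURCE_GROUPS = {
    "chassis/inventory": ResourceGroup.CHASSIS,
    "interfaces/ge-0/0/0": ResourceGroup.INTERFACES,
    "interfaces/ge-0/0/1": ResourceGroup.INTERFACES,
    "routing/policy": ResourceGroup.ROUTING,
    "protocols/bgp": ResourceGroup.PROTOCOLS,
    "system/logs": ResourceGroup.LOGS,
    "system/users": ResourceGroup.USERS,
}

# Scheme 1: each group requires a minimum authorization level (constructed values).
MIN_LEVEL = {
    ResourceGroup.LOGS: 1,
    ResourceGroup.CHASSIS: 1,
    ResourceGroup.INTERFACES: 2,
    ResourceGroup.PROTOCOLS: 2,
    ResourceGroup.ROUTING: 3,
    ResourceGroup.USERS: 4,
}

def level_permits(user_level: int, resource: str) -> bool:
    """Authorization-level check: permit if the user's level meets the group's minimum."""
    group = RESOURCE_GROUPS.get(resource)
    if group is None:
        return False  # unknown resource: deny by default
    return user_level >= MIN_LEVEL[group]

def bits_permit(user_bits: ResourceGroup, resource: str) -> bool:
    """Permission-bit check: permit if the bit for the resource's group is set."""
    group = RESOURCE_GROUPS.get(resource)
    if group is None:
        return False  # unknown resource: deny by default
    return bool(user_bits & group)

def resources_coupled_to(resource: str) -> set[str]:
    """Every resource that a permission bit granting `resource` also unlocks.

    Because the bit is per group, not per resource, this is the finest grant
    the scheme can express; anything in the same group comes along with it.
    """
    group = RESOURCE_GROUPS[resource]
    return {path for path, g in RESOURCE_GROUPS.items() if g == group}

if __name__ == "__main__":
    # Constructed users: an operator with level 2, and a technician whose
    # only bits are INTERFACES and LOGS.
    operator_level = 2
    technician_bits = ResourceGroup.INTERFACES | ResourceGroup.LOGS

    for path in RESOURCE_GROUPS:
        print(f"{path:24s} level-2 operator: {level_permits(operator_level, path)!s:5s} "
              f"technician bits: {bits_permit(technician_bits, path)}")

    # Granting one interface necessarily grants the whole INTERFACES group.
    print("coupled to interfaces/ge-0/0/1:", sorted(resources_coupled_to("interfaces/ge-0/0/1")))
```

Under either scheme the check is a single comparison against the resource's group, which is what makes it cheap and also what prevents per-interface or per-customer decisions: separating `ge-0/0/0` from `ge-0/0/1` would require either a new authorization level or a new permission bit for every interface that needs to be distinguished.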
As the complexity of routers continually increases, there has been an increasing need to provide adequate user-level access control to the myriad of resources and information associated with a given router. For example, a typical router within the Internet, such as a router used by an Internet Service Provider, may have hundreds or even thousands of interfaces supporting thousands of different customers. These so-called coarse-grain control techniques often do not scale well because they may, for example, require an unworkable number of authorization levels or permission bits. As a result, it is often difficult to adequately provide user-level access control to the numerous resources within a router.